Release date:
2026-02-23 18:16:15 UTC
Description:
* SECURITY UPDATE: Traversing outside chmod directory
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: re-filters directory members
before chmod/chown
- CVE-2024-12718
* SECURITY UPDATE: Symlink exfiltration
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: properly handles different link
semantics
- CVE-2025-4138
* SECURITY UPDATE: Hardlink Fallback Attack
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: re-filter the source if hardlink
extraction falls back to copying
- CVE-2025-4330
* SECURITY UPDATE: Errorlevel=0 Extracts Rejected Members
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: account errorlevel
- CVE-2025-4435
* SECURITY UPDATE: PATH_MAX Attack
- debian/patches/CVE-2024-12718-CVE-2025-4138-CVE-2025-4330-CVE
-2025-4435-CVE-2025-4517.patch: prevents PATH_MAX overflow
attacks
- CVE-2025-4517
Updated packages:
-
alt-python37_3.7.17-11_amd64.deb
sha:5cdbd9c771b875bdc4937e5159837f3f46fc4785
-
alt-python37-debug_3.7.17-11_amd64.deb
sha:f57cd154846e3c91018820db2ee138035a488269
-
alt-python37-devel_3.7.17-11_amd64.deb
sha:e976eb1f8f3bec5c16648ec588692db7c4b8da19
-
alt-python37-libs_3.7.17-11_amd64.deb
sha:c03122ed75477fd5a7cae02d103cf8481bbb8631
-
alt-python37-test_3.7.17-11_amd64.deb
sha:a7fe2a342e54df74910ad8906872bf320487caeb
-
alt-python37-tkinter_3.7.17-11_amd64.deb
sha:c5e7c474be1d58943a6b5257811d4639897bde04
-
alt-python37-tools_3.7.17-11_amd64.deb
sha:04814745e4ac7da96ebfae36bc2c519e9bb873ca
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
